Pentesting Primer 101 - Hands-on Lab Scenarios
What you'll learn
- Offensive Security & Pentesting Basics
- Scenario-based lab examples to reflect real world target environments
- Full-phased penetration testing lifecycle from Recon to Post-Exploitation with practical examples
- Hands-on skills with Metasploit, Nmap, Burp Suite and other popular hacking tools within a lab environment
- Generate, Deploy and Manage a variety of Shells
- Run exploits against Web Apps, Linux and Windows all within a guided range "Campaign Mode"
Requirements
- Basic knowledge in Networking, Linux and Windows
- Basic knowledge of Cybersecurity and Pentesting TTP's
- A Kali Linux VM and high-speed internet connection to follow along in the labs
- Experience with Linux and Windows command line
Description
This 2023 course is targeted for Beginner security professionals and enthusiasts who want to learn more about Penetration Testing and Red Teaming with practical examples. Topics cover the basics of offensive security and dive into the full pentesting lifecycle from Enumeration to Post-Exploitation.
The course guides the student through red team and ethical hacking TTP's while showcasing real-world scenarios on a cyber-range which mimics a target network. The cyber-range, Neotek is hosted by Slayer Labs and contains 11 Windows and Linux VM's all engineered to exploit! The course walks through the Neotek Campaign which is stroyline-based, providing hints and targeted directions to the attacker. Completing the course will allow you to own all 11 Neotek range targets!
The mission of this course and cyber-range is to provide the user with a technical high-level overview of ethical hacking, along with realistic scenarios and learning opportunities to become proficient in the basics of Pentesting. The goal is to provide real-world scenarios so the student can get hands-on keyboard and start running through the entire process from Enumeration to Post-Exploitation.
The course has been designed to trim the fat with the expectation that students can pause, re-watch or do additional research if they are following along hands-on in the labs. With that, the student is expected to know basic tools and TTP's in relation to offensive security, ethical hacking and pentesting. For example - covering how to setup a VM in VirtualBox, explaining the basics of networking or installing additional tools on Kali will not be covered.
Each topic dives into the technical side, providing command-line examples and explanations along the way. Topics covered (but are not limited to):
Enumeration with Nmap scripts and Metasploit.
Initial Exploitation with public Exploit-DB proofs of concepts, WebApp and vulnerable service exploitation & Brute Forcing with Hydra and CrackMapExec.
PrivEsc with LinPEAS, WinPEAS, Credential Harvesting, Metasploit Post Modules & Packet Sniffing.
Post-Exploitation by Collecting and Cracking Linux and Windows hashes with Mimikatz and John the Ripper, Harvesting SSH Keys, Transferring Files & Establishing Tunnels.
Course content uses Kali the majority of the time, but also uses Slayer Labs Neotek range targets for intel collection and as jump boxes, utilizing built-in services such as Nmap and SSH portforwarding. Students should be comfortable using Kali Linux along with Linux and Windows command-line. This course is Begineer-friendly in relation to Penetration Testing, however the student should have prior knowledge in IT fundamentals and Security essentials.
Who this course is for:
- Beginner security students and/or professionals who are looking to get more hands-on practical experience with offensive security, pentesting, and ethical hacking TTP's
- Professionals with entry level security certificates such as Security+, GSEC or Pentest+ who are wanting to learn Red Teaming and Penetration Testing with practical hands-on keyboard scenarios
- Students or professionals who want to learn and get hands on experience running through the entire Pentesting process
Instructor
Slayer Labs is passionate about offensive cybersecurity and committed to engineering and developing course content and cyber-ranges to reflect real world scenarios.
In regards to pentesting and offensive cybersecurity, we believe getting hands on keyboard, running through actual pentesting scenarios provides much more value than simply covering theory. The mission for creating course content is to bridge the gap between theory and practice...with a heavy focus on practice.